From Flows to Graphs: Benchmarking Centrality Metrics in ML-Based Intrusion Detection Systems
摘要
The increasing prevalence of cyber-attacks in Internet of Things (IoT) environments necessitates scalable and efficient intrusion detection systems (IDS) that can operate under constrained resources. In this work, we explore the use of graph-based centrality metrics as a lightweight yet informative alternative to traditional network flow features for intrusion detection. We evaluate multiple machine learning models-including Decision Trees, Random Forests, and Artificial Neural Networks-trained on centrality features extracted from communication graphs in the ACI-IoT-2023 dataset. Our results show that a shallow ANN achieves high accuracy (97.67%) and strong generalization with minimal computational overhead, making it suitable for deployment on fog and edge devices. We also propose a graph neural network (GNN) that leverages edge-derived node statistics to achieve competitive performance, even in the absence of explicit node features. Statistical analysis confirms the robustness of the proposed models across class distributions and train-test splits. These findings highlight the practical potential of graph-based learning for efficient, topology-aware intrusion detection in IoT systems. Future work will investigate hybrid architectures that combine flow and graph-based insights to further enhance detection capabilities.